Oracle Java System Web Server HTTP Response Splitting Vulnerability Network Vulnerability

Summary

The host is running Oracle Java System Web Server and is prone to HTTP response splitting vulnerability.

Impact

Successful exploitation will allow remote attackers to conduct Cross Site Scripting and browser cache poisoning attacks. Impact Level: Application

Solution

Apply the patch from below link, http://sunsolve.sun.com/search/document.do?assetkey=1-79-1215353.1-1

Insight

The flaw is due to input validation error in 'response.setHeader()' method which is not properly sanitising before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which will be included in a response sent to the user.

Affected

Oracle Java System Web Server 6.x/7.x

References

http://inj3ct0r.com/exploits/14530
http://www.exploit-db.com/exploits/15290/
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html#AppendixSUNS

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3514
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

GoAhead Webserver Multiple Stored Cross Site Scripting Vulnerabilities
AOLServer Terminal Escape Sequence in Logs Command Injection Vulnerability
IBM WebSphere Application Server (WAS) Multiple Vulnerabilities
CommuniGate Pro Web Mail URI Parsing HTML Injection Vulnerability
Cherokee URI Directory Traversal Vulnerability and Information Disclosure Vulnerability

Take action and discover your vulnerabilities